Added /accounts/login API for logging in users using "email" + "password"

This commit is contained in:
Niko 2022-02-08 23:19:53 +01:00
parent bc2a9e2eb7
commit 4abbcc690b
5 changed files with 66 additions and 25 deletions

View File

@ -1,14 +1,47 @@
const api = require('../api-utils.js')
const db = require('../db.js')
const pwd = require('../passwd.js')
const utils = require('../utils.js')
module.exports = {
login: {
post: async (req, res) => {
if (req.body.email === undefined ||
req.body.password === undefined)
return res.status(400).json({ error: 'invalid_params' })
const user = await db.table.users().findOne({ email: req.body.email })
if (user === null || user.activated !== 1)
return res.status(403).json({ error: 'login_failed' })
if (!pwd.comparePassword(req.body.password, user.password))
return res.status(403).json({ error: 'invalid_password' })
const session_id = utils.randomString(128)
const session = await db.table.sessions().insertOne({
id_user: user._id,
session: session_id
})
if (session.insertedCount > 0) {
const dayjs = require('dayjs')
res.cookie('fedilove_session', session_id, {
expires: dayjs().add(2, "months").toDate(),
httpOnly: true,
secure: true,
})
return res.json({ result: 1 })
}
return res.status(500).json({ error: 'unknown_error' })
},
},
register: {
post: async (req, res) => {
if (req.body.username !== undefined &&
req.body.email !== undefined &&
req.body.password !== undefined &&
req.body.password2 !== undefined) {
if (req.body.username === undefined ||
req.body.email === undefined ||
req.body.password === undefined ||
req.body.password2 === undefined)
return res.status(400).json({ error: 'invalid_params' })
// TODO: validate values, sanitize and check captcha or other registration limitations
console.log(req.body)
@ -16,7 +49,7 @@ module.exports = {
if (req.body.password !== req.body.password2)
return res.status(400).json({ error: 'passwords_not_match' })
if (await db.table.users().findOne({ username: req.body.username }) != null)
if (await db.table.users().findOne({ username: req.body.username }) !== null)
return res.status(403).json({ error: 'username_already_exists' })
if (await db.table.users().findOne({ email: req.body.email }) !== null)
@ -32,8 +65,6 @@ module.exports = {
if (documen.insertedCount > 0)
return res.json({ result: documen.insertedId })
return res.status(500).json({ error: 'unknown_error' })
}
return res.status(400).json({ error: 'invalid_params' })
},
}
}

View File

@ -19,5 +19,6 @@ module.exports = {
},
table: {
users: () => { return mdb.collection('u__users') },
sessions: () => { return mdb.collection('u__sessions') },
},
}

View File

@ -2,6 +2,8 @@
"dependencies": {
"activitypub-express": "^2.3.0",
"bcrypt": "^5.0.1",
"cookie-parser": "^1.4.6",
"dayjs": "^1.10.7",
"deasync": "^0.1.24",
"node-gyp": "^8.4.1"
}

View File

@ -36,6 +36,7 @@ const client = db.conn()
// extensions for express
app.use(express.json({ type: apex.consts.jsonldTypes }), apex)
app.use(require('cookie-parser')())
app.use(bodyParser.urlencoded({ extended: true }))
// define routes using prepacakged middleware collections
@ -70,8 +71,8 @@ app.on('apex-inbox', msg => {
})
// API defines
app.route(api.url('/accounts/register'))
.post(api.accounts.register.post)
app.route(api.url('/accounts/register')).post(api.accounts.register.post)
app.route(api.url('/accounts/login')).post(api.accounts.login.post)
// initialize

6
api/src/utils.js Normal file
View File

@ -0,0 +1,6 @@
const Crypto = require('crypto')
exports.randomString = (size) => {
return Crypto.randomBytes(size)
.toString('base64').slice(0, size)
}